Contents x
    Linksys
    • 29 Apr 2024
    • 2 Minutes to read
    • Contributors
      Contents

      Linksys

      • Updated on 29 Apr 2024
      • 2 Minutes to read
      • Contributors
        Article summary

        Introduction

        This guide will guide you through the necessary steps to establish a Site-to-Site VPN tunnel between your Harmony SASE network and your Linksys environment.

        Breakdown of topics

        1. Pre-requisites
        2. Configuration Steps
        3. Verifying the Setup
        4. Troubleshooting
        5. Support Contacts

        Pre-requisites

        To successfully follow this guide, ensure that:

        1. An active Harmony SASE account and a setup network.
        2. The Harmony SASE application is installed on your necessary devices.
        3. A working Linksys setup with the appropriate administrative privileges.

        Configuration Steps

        Configuring the tunnel in the Management Platform

        1. Select the network tab from the menu on the left side of the screen. Choose the network that contains the gateway in your network to which you'd like to create the tunnel. Select the three-dotted icon besides the gateway's name and select Add Tunnel.
          360010932540ScreenShot2019-08-27at140615.png

        2. Select IPSec Site-2-Site Tunnel and select Continue.

        3. In the General Settings section fill in the following information:

        • Name: Choose whatever name you find suitable for the tunnel.
        • Shared Secret: Enter a character string of your own or use Generate.
        • Public IP/Remote ID: Enter the public IP from which the Linksys device is connected to the internet.
        • Harmony SASE Gateway Proposal Subnets: Choose the specified subnet. By default, this should be set to 10.2XX.0.0/16.
        • Remote Gateway Proposal Subnets: Select Specified Subnets and specify according to your local LAN Subnets.

        1. In the Advanced Settings section fill in the following:
        • IKE Version: V2
        • Encryption (Phase 1): AES256
        • Encryption (Phase 2): AES256
        • Integrity (Phase 1): SHA1
        • Integrity (Phase 2): SHA1
        • Diffie-Hellman Groups (Phase 1): 5
        • Diffie-Hellman Groups (Phase 2): 5
        • DPD detection: 30s
        • DPD timeout: 10s

        Leave the rest of the fields with the default values (as shown in the attached image) and click on add a tunnel.

        Configuring the tunnel in the Linksys Web Interface

        1. Open the Netgear management interface (typically 192.168.1.1).
        2. In the left panel, select VPN, then select Gateway to Gateway.
        3. Fill in the following information:
          Add a New Tunnel
          Tunnel Name: Enter a name of your choice.
          Interface: WAN1
          Local Group Setup
          Local Security Gateway Type: IP Only
          IP Address: Your external IP address (should be filled automatically)
          Local Security Group Type: Subnet
          IP Address: Enter the local IP address.
          Subnet Mask: Enter the subnet mask.
          Local Group Setup
          Remote Security Gateway Type: IP Only
          IP Address: Your P81 gateway IP address.
          Remote Security Group Type: Subnet
          IP Address: 10.255.0.0
          Subnet Mask: 255.255.0.0
        4. Continue to IPSec Setup and fill in accordingly:
          Keying Mode: IKE with PSK
          Phase 1 DHG: Group 5
          Phase 1 Encryption: AES256
          Phase 1 Authentication: SHA1
          Phase 1 SA Lifetime: 28800
          PFS: Enabled
          Phase 2 DHG: Group 5
          Phase 2 Encryption: AES256
          Phase 2 Authentication: SHA1
          Phase 2 SA Lifetime: 3600
          Preshared Key: Enter the same key you entered in the Harmony SASE portal.
        5. Select Advanced. Enable Keep-Alive and set Dead Peer Detection Interval to 10 seconds. Leave the rest of the advanced settings with the default values.

        Verifying the Setup

        After following the above steps, your tunnel should be active.
        To verify, go to your Harmony SASE dashboard, locate the tunnel you just created, and check the tunnel status.
        It should indicate that the tunnel is "Up", signifying a successful connection.
        Next, connect to your network using the Harmony SASE agent and attempt to access one of the resources in your environment.

        Troubleshooting

        If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

        Support Contacts

        If you have any difficulties or questions, don't hesitate to contact Harmony SASE's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at sase-support@checkpoint.com. We're here to assist you and ensure your VPN tunnel setup is a success.

        Was this article helpful?
        What's Next